As "Kerberos - The Definitive Guide" by O'Reilly states:
"... as long as the users have DES keys enabled in AD, they will be able to
kinit to the Windows DC without a problem ..."
On Wednesday 19 April 2006 23:41, Didier Caamaqo wrote:
> Greetings:
>
> I have a small Windows network and I'm trying to implement an OpenBSD box to
> be my file server and print server. What I'm trying to accomplish is:
> configure Samba to publish the share directories so the users can store their
> files there but at the same time authenticate the users against the Domain
> Controller, pulling the account information from AD and not having to manually
> add that info with smbpasswd.
>
> Kerberos, as far as I know, is working fine, at least it tries to connect to
> the realm, but then it gives a Password Incorrect Message. I know many of you
> will respond that I am typing the password incorrectly, first I thought that
> too, but then I went and tried the account in a windows client and it worked.
>
> If it is of any help, I downloaded and installed Samba with LDAP support and
> created the computer account in the Windows AD.
>
> This is my krb5.conf file
>
> [libdefaults]
> # Set the realm of this host here
> default_realm = DOMAIN.COM
> ticket_lifetime = 60000
> clockskew = 300
>
> [realms]
> DOMAIN.COM = {
> kdc = 10.0.0.1
> kdc = 10.0.0.1:88
> admin_server = 10.0.0.1:749
> }
>
> [domain_realm]
> .domain.com = DOMAIN.COM
> domain.com = DOMAIN.COM
>
>
> and this is the command I'm issuing in order to get tickets from the KDC (the
> domain controller)
>
> Code:
>
> # kinit [EMAIL PROTECTED]
> [EMAIL PROTECTED]'s Password:
> kinit: Password incorrect
>
>
> Any help or hint of how I might connect to kerberos will be appreciated,
> probably there's something I'm doing wrong or I'm missing. Thank you all in
> advance.
>
>
>
> Didier Caamaqo
>
> Director Departamento Informatica
>
> Sociedad Comercial Electrocenter Ltda.
>
> Correo Electrsnico: [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
>
> Telifono: 02 - 584 - 7039
